Account separation: Five reasons why not to run as a local administrator
Here are five reasons why you should be using account separation and not running as the default local administrator user account when using your computer.
Number 1. Limiting access to possibility sensitive systems and configuration settings on your computer. Now imagine, if you are running as a administrator account for your day to day use, your browsing the internet, you’re downloading files, you’re clicking on email links from people you don’t know, this could potentially allow any virus or malware or external attacker who gains access to your system via malicious means to gain full uncontrolled access to your system.
Number 2. Running as a standard low level user account for your main daily tasks is best practice as you don’t generally need administrative level access for your day to day work. This is called least privilege access. And if someone does get into your computer they are restricted to what they can do, which can reduce the damage caused.
Number 3. It helps to separate your access and gives accountability. This is more so important for businesses, so if something happens you can check the audit logs on the computer to see who did what and when. This also helps to remove blame when incidents happen.
Number 4. Separating accounts, helps you protect against accidental change or deletion of data or configuration settings. When was the last time you checked that your backups worked? Again this can play a big part in bigger businesses. Only give access to people who need access to go the job.
Finally, number 5. If you’re going for Cyber Essentials, this is a required control to have in place, so why not do it. If you don’t have it in place, you will receive a few major non-compliances which may stop you achieving certification.